Live since: 4 January 2021
KYC required: No
Maximum bounty: $85,800
yAxis is a meta yield-aggregator designed to deploy capital to the best yield strategy available. Unlike other yield aggregators, yAxis will be able to switch underlying assets when deploying strategy. At its core, yAxis is a DAO-directed yield farming platform where YAX holders vote regularly on which yVault/aggregator strategy to implement with user funds.
yAxis is interested in securing its smart contracts, such as those covering strategy, staking, liquidity provision, and storage reference, as well as the YAX token contract itself and, most importantly, the yAxisMetavault. yAxis is also interested in securing its website, but offers no rewards for bug reports on it at the moment.
Verification of yAxis’ bug bounty program on Immunefi is available at https://yaxis.ghost.io/yaxis-security-bug-bounty-on-immunefi/
Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System. This is a simplified 5-level scale, with separate scales for websites/apps and smart contracts/blockchains, encompassing everything from consequence of exploitation to privilege required to likelihood of a successful exploit. The listed rewards represent the maximum that will be paid out for a security bug report. Vulnerability reports on smart contracts must be accompanied by a Proof of Concept (POC) demonstrating the attack.
Level | Payout | Est. Current Value (USD) |
---|---|---|
Critical | 5,000 YAX | up to $85,800 |
High | 1,000 YAX | $17,160 |
Medium | 500 YAX | $8,580 |
Low | 100 YAX | $1,716 |
Payouts are handled by yAxis directly. The payouts are based on and completed in YAX. A USD estimate of the current value of the token is provided for reference. Estimates are updated regularly, though they should not be relied on.
Target | Type |
---|---|
https://github.com/yaxis-project/metavault | Smart Contract - (Source Code) |
https://etherscan.io/address/0xbfbec72f2450ef9ab742e4a27441fa06ca79ea6a#code | Smart Contract - yAxisMetavault |
The following assets are considered in-scope, but will not be rewarded with any bounty for reports.
Target | Type |
---|---|
https://etherscan.io/address/0xeF31Cb88048416E301Fee1eA13e7664b887BA7e8#code | Smart Contract - yAxisBar (Staking Contract) |
https://etherscan.io/address/0xb1dc9124c395c1e97773ab855d66e879f053a289#code | Smart Contract - yAxis Token |
https://etherscan.io/address/0xc330e7e73717cd13fb6ba068ee871584cf8a194f#code | Smart Contract - yAxisChef (Liquidity Provider) |
https://yaxis.io | Website* |
*Includes all paths and sub-domains, DNS, and email configuration.
We are especially interested in receiving and rewarding vulnerabilities of the following types:
We accept the following website vulnerabilities, though there is no reward for them:
The following vulnerabilities are excluded from the rewards for this bug bounty program:
The following vulnerabilities are not sought after for website bug reports:
The following activities are prohibited by this bug bounty program: